[Samba] [3.2.0] Off by one error - Samba

This is a discussion on [Samba] [3.2.0] Off by one error - Samba ; Jerry, The 3.2.0 release is reporting this in the log.nmbd [root@beta samba]# cat log.nmbd [2008/07/02 12:26:52,* 0] nmbd/nmbd.c:main(849) * nmbd version 3.2.0 started. * Copyright Andrew Tridgell and the Samba Team 1992-2008 [2008/07/02 12:26:52,* 0] lib/util_str.c:safe_strcpy_fn(709) ERROR: string overflow by ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: [Samba] [3.2.0] Off by one error

  1. [Samba] [3.2.0] Off by one error

    Jerry,

    The 3.2.0 release is reporting this in the log.nmbd
    [root@beta samba]# cat log.nmbd
    [2008/07/02 12:26:52,* 0] nmbd/nmbd.c:main(849)
    * nmbd version 3.2.0 started.
    * Copyright Andrew Tridgell and the Samba Team 1992-2008
    [2008/07/02 12:26:52,* 0] lib/util_str.c:safe_strcpy_fn(709)
    ERROR: string overflow by 1 (16 - 15) in safe_strcpy [192.168.100.20/24]

    Other than this issue; no real problems.
    James

    ----
    James Kosin


    International Communications Group, Inc.
    230 Pickett's Line
    Newport News, VA* 23603

    Phone: +1 (757) 947-1030 ext 122
    Fax: +1 (757) 947-1035


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] [3.2.0] Off by one error

    On Wed, Jul 02, 2008 at 12:32:46PM -0400, James Kosin wrote:
    > Jerry,
    >
    > The 3.2.0 release is reporting this in the log.nmbd
    > [root@beta samba]# cat log.nmbd
    > [2008/07/02 12:26:52,* 0] nmbd/nmbd.c:main(849)
    > * nmbd version 3.2.0 started.
    > * Copyright Andrew Tridgell and the Samba Team 1992-2008
    > [2008/07/02 12:26:52,* 0] lib/util_str.c:safe_strcpy_fn(709)
    > ERROR: string overflow by 1 (16 - 15) in safe_strcpy [192.168.100.20/24]
    >
    > Other than this issue; no real problems.


    Great (the no problems part) ! Can you attach with gdb to this error
    message and get a backtrace when it occurs please ?

    Thanks,

    Jeremy.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. RE: [Samba] [3.2.0] Off by one error

    -----Original Message-----
    From: Jeremy Allison [mailto:jra@samba.org]
    Sent: Wednesday, July 02, 2008 12:57 PM
    To: James Kosin
    Cc: samba@lists.samba.org
    Subject: Re: [Samba] [3.2.0] Off by one error

    On Wed, Jul 02, 2008 at 12:32:46PM -0400, James Kosin wrote:
    > Jerry,
    >
    > The 3.2.0 release is reporting this in the log.nmbd
    > [root@beta samba]# cat log.nmbd
    > [2008/07/02 12:26:52,* 0] nmbd/nmbd.c:main(849)
    > * nmbd version 3.2.0 started.
    > * Copyright Andrew Tridgell and the Samba Team 1992-2008
    > [2008/07/02 12:26:52,* 0] lib/util_str.c:safe_strcpy_fn(709)
    > ERROR: string overflow by 1 (16 - 15) in safe_strcpy [192.168.100.20/24]
    >
    > Other than this issue; no real problems.


    Great (the no problems part) ! Can you attach with gdb to this error
    message and get a backtrace when it occurs please ?

    Thanks,

    Jeremy.

    ---
    Jeremy,

    I'd need some pointers, I'm not all that familiar with gdb, and there is no way to stop on the error. NMDB still runs after displaying this; so, I don't think a back-trace will help find it when I kill the process.

    It looks as though it may be trying to copy the allowable IP addresses into a structure that only has space for 15 characters. The ip [192.168.100.20/24] ends up being in the config file
    [root@beta samba]# cat smb.conf | grep 192.168.100.20/24
    interfaces = 192.168.100.20/24



    James

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] [3.2.0] Off by one error

    On Wed, Jul 02, 2008 at 02:09:48PM -0400, James Kosin wrote:
    > -----Original Message-----
    > From: Jeremy Allison [mailto:jra@samba.org]
    > Sent: Wednesday, July 02, 2008 12:57 PM
    > To: James Kosin
    > Cc: samba@lists.samba.org
    > Subject: Re: [Samba] [3.2.0] Off by one error
    >
    > On Wed, Jul 02, 2008 at 12:32:46PM -0400, James Kosin wrote:
    > > Jerry,
    > >
    > > The 3.2.0 release is reporting this in the log.nmbd
    > > [root@beta samba]# cat log.nmbd
    > > [2008/07/02 12:26:52,* 0] nmbd/nmbd.c:main(849)
    > > * nmbd version 3.2.0 started.
    > > * Copyright Andrew Tridgell and the Samba Team 1992-2008
    > > [2008/07/02 12:26:52,* 0] lib/util_str.c:safe_strcpy_fn(709)
    > > ERROR: string overflow by 1 (16 - 15) in safe_strcpy [192.168.100.20/24]
    > >
    > > Other than this issue; no real problems.

    >
    > Great (the no problems part) ! Can you attach with gdb to this error
    > message and get a backtrace when it occurs please ?
    >
    > Thanks,
    >
    > Jeremy.
    >
    > ---
    > Jeremy,
    >
    > I'd need some pointers, I'm not all that familiar with gdb, and there is no way to stop on the error. NMDB still runs after displaying this; so, I don't think a back-trace will help find it when I kill the process.


    What you can do is attach to the running process with :

    gdb /usr/local/samba/sbin/nmbd
    b lib/util_str.c:safe_strcpy_fn:709
    attach
    continue

    Then when the breakpoint triggers you can type :

    bt

    to get the backtrace, and also go up the stack
    and type out the local variables.

    If it happens every time you start nmbd then
    that's easier, just type :

    gdb --args /usr/local/samba/sbin/nmbd -i
    b lib/util_str.c:safe_strcpy_fn:709
    run

    Thanks !

    Jeremy
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] [3.2.0] Off by one error

    ----- Original Message -----
    From: "Jeremy Allison"
    Newsgroups: linux.samba
    Sent: Wednesday, July 02, 2008 2:20 PM
    Subject: Re: [Samba] [3.2.0] Off by one error


    >
    >> I'd need some pointers, I'm not all that familiar with gdb, and there is
    >> no way to stop on the error. NMDB still runs after displaying this; so,
    >> I don't think a back-trace will help find it when I kill the process.

    >
    > What you can do is attach to the running process with :
    >
    > gdb /usr/local/samba/sbin/nmbd
    > b lib/util_str.c:safe_strcpy_fn:709
    > attach
    > continue
    >
    > Then when the breakpoint triggers you can type :
    >
    > bt
    >
    > to get the backtrace, and also go up the stack
    > and type out the local variables.
    >
    > If it happens every time you start nmbd then
    > that's easier, just type :
    >
    > gdb --args /usr/local/samba/sbin/nmbd -i
    > b lib/util_str.c:safe_strcpy_fn:709
    > run
    >
    > Thanks !
    >
    > Jeremy


    I'll have to get back to you later on the backtrace gdb is broken on my
    machine.
    It is 100% reproducable by including an interfaces line with the IP and mask
    as the parameter. And only happens on startup when nmbd is loading the
    configuration. If I change the interfaces line to read just the single IP
    without the mask all is fine.
    I'll check to see if this was a change to how the interface line is
    specified or a problem that has always been there. And wasn't caught until
    safe-copy was used.

    interfaces 192.168.100.20/24
    breaks the nmdb with an error; but doesn't stop nmdb.
    interfaces 192.168.100.20
    works and no error is reported.

    James Kosin

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  6. Re: [Samba] [3.2.0] Off by one error

    On Wed, Jul 02, 2008 at 06:46:50PM -0400, James Kosin wrote:

    > I'll have to get back to you later on the backtrace gdb is broken on my
    > machine.
    > It is 100% reproducable by including an interfaces line with the IP and
    > mask as the parameter. And only happens on startup when nmbd is loading
    > the configuration. If I change the interfaces line to read just the single
    > IP without the mask all is fine.
    > I'll check to see if this was a change to how the interface line is
    > specified or a problem that has always been there. And wasn't caught until
    > safe-copy was used.
    >
    > interfaces 192.168.100.20/24
    > breaks the nmdb with an error; but doesn't stop nmdb.
    > interfaces 192.168.100.20
    > works and no error is reported.


    Ok, I've found it. It's a warning, not an error.
    We've correctly set up the interface here but
    we're just trying to set the interface name.

    It happens here lib/interface.c:

    472 safe_strcpy(ifs.name, token, sizeof(ifs.name)-1);

    Where token is set to "192.168.100.20/24" which is greater
    than ifs.name. We've already parsed out the values for
    ss, ss_mask and ss_bcast we're just trying to give the
    pseudo interface a name.

    I'll replace this with strlcpy and it should be fine.

    Thanks for the report though !

    Jeremy.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


+ Reply to Thread